Transforming IT
cancel
Showing results for 
Search instead for 
Did you mean: 

10 Microsoft Azure Active Directory Features You Need To Use

Services_Editor

With the almost overwhelming amount of apps, accounts and tools required by users, there needs to be a unified solution.

Luckily for us, there is – Microsoft Azure Active Directory [AD].

Azure AD is used by many organisations across the globe, but like most IT solutions, people are not exploiting its vast benefits.

In this guide we will explore 10 Microsoft Azure AD features that are truly game changing. They include untapped tricks around branded tenancy, to the gift that is MyApps.

Before we dive into the deep end, let’s start from the beginning [feel free to jump straight to the features beneath]…

What is Microsoft Azure AD?

Microsoft Azure AD is a cloud-based directory that enables a secure, identity driven, multi-tenant management of users.

In short – it becomes the hub of user access.

This access covers various different elements, whether that be data, devices or locations.

Here’s the kicker:

If correctly implemented, Azure AD enables the IT department of an organisation, large or small, to rapidly scale or revoke – remotely.

Deploying Azure AD

While it is easy to think that such systems are only utilised by the few tech giants of this world. In fact every Office 365, Azure and Dynamics CRM tenant is actually already accessing Azure AD. This means that you have the base to integrate it with your entire infrastructure.

Whether that be through IaaS, Paas or SaaS based applications, you have the potential to streamline the various demands of your user-base.

So, without further or do, here at the 10 Azure AD features you may be missing out on:

10 essential Microsoft Azure AD features

1. B2B Collaboration 

Firstly, we look to one of the more commonly known features – Azure AD business-to-business (B2B) collaboration.

This enables any organization using Azure AD to securely work with other companies, no matter their size. As such, these business can provide access to documents, apps and more, while ensuring control over corporate data. When you consider that the alternative solution would be to provide case by case access, this is very helpful.

Additionally, from a developer’s perspective, they have the opportunity to conveniently write business-to-business APIs.

2. B2C Collaboration

Similarly to the B2B capabilities of Azure AD, the B2C functionality offers that same scale, reliability and availability, however, this is for your customer-facing applications.

While customer facing applications may seem quite trivial, these activities can otherwise lean into the creation of Shadow IT. Whereby, users feel that there is a disconnect between the ways in which they can view personal and business related data.

In reality, with the common use of similar personal and business related passwords, this is a significant priority.

In addition, when you consider that Azure AD handles billions of authentications per day,you can be assured that the various activities can be handled smoothly.

3. Self service password resets

The cost of password resets to an organisation is not only an incredible waste of time, it is actually a very solvable solution.

In an attempt to explain the scale of the issue, this article from SpecOps argues that per 1000 employees, you have about 1000 hours per year of staff being inactive through password resets.

In addition, you have the time taken for IT to respond to such, thus, an inevitable loss of revenue will incur.

Specifically, when this occurs at a management level, where their hourly wage is greater, both the direct and indirect costs are significant.

image-11-1.png

However, with a well designed Azure AD, you enable users to self help. In view of maintaining a high level of security, you can control where, and how they are able to do so.

Such actions enable IT to focus on innovation rather than maintenance.

4. Branded tenancy

You’d be amazed how many companies don’t do this.

But in reality, it can become an extra step required if a hacker wants to spoof you for your credentials.

Through the very simple implementation of a logo and branded imagery, companies can make it that bit more difficult for generic spam emails to entice users to provide details.

This feature can be implemented company-wide with almost no effort, and could prevent a nasty gateway.

5. 2FA

As you can see in the password reset image above, Microsoft AD makes it very easy for you to add various security elements to your account.

This means that enabling multi-factor authentication [MFA] can become a very easy step for both new and existing users to exercise.

While MFA has been possible for a few years, the granular detail of Active Directory means that you can enforce it in more risky circumstances [such as when outside the office], but disable it when connected to the network.

6. Azure AD for BYOD devices

While traditionally you would have to assign specific rights on a user-by-user base, the advantage of a well remediated AD is that user groups can make things far easier.

Especially in the context of devices.

Whether you have the dilemma of work devices vs personal devices, or by delineating between different platforms, Azure AD has great control.

A great example of this would be down to the level of information – let’s say for example a company Intranet. An IT department is able to decide that senior management is allowed to access that information, not matter what device, with a secure sign in.

However, more confidential data, such as HR, can only be accessed on a work device, in these countries, with the ability to copy, but not print.

The ignoring of this granular level of control is one of the foremost reasons behind data leakage.

7. Conditional access based on your sign-in characteristics 

The conditional based requirements noted above are really why most of the largest companies in the world use Azure AD.

Equally, it is probably something that your organisation is probably not exploiting to its fullest.

Yes, part of any digital transformation strategy should be to focus on innovation and forward thinking, however, one of the greatest benefits of Azure is the ability to do so in tandem with vivid security.

8. Privileged Identity Management [PIM]

Despite IT’s need to confidently enact large scale changes are important, it is equally essential that these high profile accounts are minimised.

Part of PIM ensures that you can issue a work-flow, and provide temporary admin. Equally, you can limit the possibility for credentials to be hacked through requiring MFA and/ or manager approval.

In addition, to identify the source of any breached events, PIM enables you to locate the specific accounts used in an attack. This is made evermore relevant in that the average acknowledgement of a security breach takes place 4 months later.

As such, PIM enables you to create reports of administrator history, or enable varying degrees of authority, these could be:

  • Global Administrator
  • Service Administrator
  • Password Administrator

While this has previously been used in on-premises environments, the means of automating and scaling this process are limited.

9. Identity Protection 

With all the various access that is noted above, there will be many different logins that take place daily.

However, with the various knock-on access one account provides, there is an even greater incentive to attempt to hack in. However, one the greatest benefits of Azure AD, is the use of machine learning to understand the various locations and intention of giving user access.

This means that all sign-in attempts are carefully monitored, whereby you can set alerts, or even block access to accounts upon a series of failures, or suspicious behaviour.

In addition, the machine learning techniques are always applying new patterns to best understand the situation, and in doing so, you can be assured of a security system that is evolving with the rate of cyber breaches.

10. MyApps portal

Lastly, you have what could be consider the home of the various features discussed – the MyApps portal.

This hub enables quick access to a vast amount of organisation and Azure approved applications. These can include Wunderlist, or Concur.

Yes, this reduces the need for users to create simple, replicable passwords across their personal and business accounts, but more importantly, it also makes their process that much simpler, thus encouraging them to use the technology.

For the more technical audience out there, it also contains your BitLocker Key.

Over to you

Well there you go, there is our high level introduction and 10 under-utilised features of Microsoft Azure AD.

To make it nice and convenient here is a simple list:

10 Microsoft Azure AD features you need

  1. B2B Collaboration
  2. B2C Collaboration
  3. Self service password resets
  4. Branded tenancy
  5. 2FA
  6. Azure AD Join for BYOD devices
  7. Conditional access based on your sign in characteristics
  8. Privileged Identity Management [PIM]
  9. Identity Protection
  10. MyApps portal

We hope that these various Microsoft Azure AD features enable you to create a more secure, and collaborative workforce.

0 Kudos
About the Author

Services_Editor